Your message dated Mon, 16 Jun 2014 21:36:41 +0000
with message-id <e1wwea1-00062g...@franck.debian.org>
and subject line Bug#751774: fixed in eglibc 2.19-2
has caused the Debian Bug report #751774,
regarding eglibc: CVE-2014-4043: posix_spawn_file_actions_addopen fails to copy
the path argument
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
751774: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751774
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: eglibc
Version: 2.19-1
Severity: normal
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for eglibc.
CVE-2014-4043[0,1]:
posix_spawn_file_actions_addopen fails to copy the path argument
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-4043
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1109263
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.19-2
We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 751...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated eglibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Jun 2014 20:40:57 +0200
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd
multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb
libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3
libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1
libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386
libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64
libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc
libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32
libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc6-armhf
libc6-dev-armhf libc6-armel libc6-dev-armel libc0.1-i386 libc0.1-dev-i386
libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686
libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.19-2
Distribution: unstable
Urgency: medium
Maintainer: Aurelien Jarno <aure...@debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Description:
eglibc-source - Embedded GNU C Library: sources
glibc-doc - Embedded GNU C Library: Documentation
libc-bin - Embedded GNU C Library: Binaries
libc-dev-bin - Embedded GNU C Library: Development binaries
libc0.1 - Embedded GNU C Library: Shared libraries
libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - Embedded GNU C Library: PIC archive library
libc0.1-prof - Embedded GNU C Library: Profiling Libraries
libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - Embedded GNU C Library: Shared libraries
libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.3-pic - Embedded GNU C Library: PIC archive library
libc0.3-prof - Embedded GNU C Library: Profiling Libraries
libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6 - Embedded GNU C Library: Shared libraries
libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
libc6-armel - Embedded GNU C Library: ARM softfp shared libraries for armhf
libc6-armhf - Embedded GNU C Library: ARM hard float shared libraries for armel
libc6-dbg - Embedded GNU C Library: detached debugging symbols
libc6-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-armel - Embedded GNU C Library: ARM softfp development libraries for armh
libc6-dev-armhf - Embedded GNU C Library: ARM hard float development libraries for
libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips32 - Embedded GNU C Library: o32 Development Libraries for MIPS
libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeri
libc6-dev-sparc - Embedded GNU C Library: 32bit Development Libraries for SPARC
libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
libc6-dev-x32 - Embedded GNU C Library: X32 ABI Development Libraries for AMD64
libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized)
libc6-mips32 - Embedded GNU C Library: o32 Shared libraries for MIPS
libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - Embedded GNU C Library: PIC archive library
libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
libc6-prof - Embedded GNU C Library: Profiling Libraries
libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
libc6-sparc - Embedded GNU C Library: 32bit Shared libraries for SPARC
libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc6-x32 - Embedded GNU C Library: X32 ABI Shared libraries for AMD64
libc6-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6.1 - Embedded GNU C Library: Shared libraries
libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6.1-pic - Embedded GNU C Library: PIC archive library
libc6.1-prof - Embedded GNU C Library: Profiling Libraries
libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
locales - Embedded GNU C Library: National Language (locale) data [support]
locales-all - Embedded GNU C Library: Precompiled locale data
multiarch-support - Transitional package to ensure multiarch compatibility
nscd - Embedded GNU C Library: Name Service Cache Daemon
Closes: 627531 644406 709867 715038 750996 751134 751172 751565 751774
Changes:
eglibc (2.19-2) unstable; urgency=medium
.
[ Adam Conrad ]
* expected-results-aarch64-linux-gnu-libc: Ignore basic-test.out on
arm64 after assurance from upstream that this isn't a regression.
.
[ Aurelien Jarno ]
* Add support for mipsn32, mipsn32el, mips64 and mips64el, based on
patches from Eleanor Chen, Yunqiang Su and Sphinx Jiang. Closes:
#715038.
- debian/control.in/main: bump build-depends on linux-libc-dev to (>=
3.9). Do it for all architectures as this version is in Jessie for quite
some time.
- control.in/mips32: new file.
- control.in/mipsn32: add mips64 and mips64el architectures.
- control.in/mips64: add mipsn32 and mipsn32el architectures.
- debian/rules.d/control.mk: add mipsn32, mipsn32el, mips64 and mips64el
to the architecture list.
- debian/sysdeps/mips64.mk: new file.
- debian/sysdeps/mips64el.mk: new file.
- debian/sysdeps/mipsn32.mk: new file.
- debian/sysdeps/mipsn32el.mk: new file.
* debian/control.in/libc: add a Breaks: check (<< 0.9.10-6.1+b1) on s390x,
to make sure libcheck.a is using the GLIBC_2.19 version of the *jmp*
functions.
* debian/control.in/libc: add a Breaks: libtirpc1 (<< 2.3), as earlier
versions try to unlock a lock which hasn't been locked, causing an
issue with lock elision. Closes: #751134.
* Update Swedish debconf translation, by Martin Bagge. Closes: #751172.
* debian/patches/alpha/submitted-lll_futex_timed_wait_bitset.diff: new
patch to fix issues in the testsuite on alpha. Closes: #750996.
* debian/testsuite-checking/expected-results-mips*-linux-gnu-*: re-add
tst-mqueue5.out (removed in the latest cleanup) as it still occasionally
fails.
* debian/patches/any/submitted-resolv-ipv6-nameservers.diff: new patch to
fix resolving issues when using IPv6 nameservers in resolv.conf. Closes:
#627531, #644406, #709867.
* patches/any/cvs-posix_spawn_file_actions_addopen.diff: new patch from
upstream to fix a vulnerability in posix_spawn_file_actions_addopen
(CVE-2014-4043). Closes: #751774.
* patches/kfreebsd/local-sysdeps.diff: update to revision 5486 (from
glibc-bsd). Closes: #751565.
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---